From: Jonas Diemer <diemer@gmx.de>
To: linux-kernel@vger.kernel.org
Subject: security issue: hard disk lock
Date: Mon, 4 Apr 2005 19:42:10 +0200 [thread overview]
Message-ID: <200504041942.10976.diemer@gmx.de> (raw)
Hello!
I don't know if you guys already know, there is a possible security risk with
all modern desktop-pcs and ata hard drives. In short:
Modern ata drives can be locked by password. This lock could be set by a
malicous software. This security feature can be frozen, so no programs can
set a lock until the next reboot. Ususally, the BIOS should take care of
locking the security feature, but most desktop BIOSes (unlike laptop BIOSes)
fail to do so. Once a lock is set and the password is unknown, the drive is
trash.
See http://www.heise.de/ct/english/05/08/172/ for more details.
In the above article, a patched hdparm is used to freeze the drive's security
features. This can be used during boot to prevent programs from setting a
password. However, a malicous program could infect the computer and install
itself in the boot sequence prior to the execution of hdparm...
I figured there could be a kernel compiled-in option that will make the kernel
lock all drives found during bootup. then, a malicous program would need to
install a different kernel in order to harm the drive, which would be much
more secure.
What do you think of this?
Regards,
Jonas
PS: Please CC me in replies, I am not subscribed to the list.
next reply other threads:[~2005-04-04 17:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-04 17:42 Jonas Diemer [this message]
2005-04-04 18:32 ` security issue: hard disk lock Horst von Brand
2005-04-04 23:00 ` Chris Friesen
2005-04-05 15:41 ` Vernon Mauery
2005-04-05 17:10 ` Jonas Diemer
2005-04-04 19:26 ` Florian Weimer
2005-04-11 15:36 ` Alan Cox
2005-04-11 16:01 ` Jonas Diemer
2005-04-14 3:20 ` Mark Lord
2005-04-15 15:09 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200504041942.10976.diemer@gmx.de \
--to=diemer@gmx.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox